What Security Executives Should Know about Ethics

A Q&A with Keith Darcy, Executive Director of the Ethics and Compliance Officer Association


There are no secrets and no place to hide. Everyone can talk to anyone instantaneously, inside or outside the organization, and that raises profound risks. The flipside, however, is that the prosecutor's best friend is email. For those who think they can hit the delete button and it will disappear, they will find that that information can and will be found in the process of discovery.

What are some of the current ethical challenges security executives might face?

We have seen a number of new challenges emerge for security professionals:

- Workplace violence - Given new levels of stress, an increasing number of employees have reported incidents of violence.
- Physical safety - BP's loss of life in their Texas refinery, Con-Ed's problems with "live wires" and "hot spots," and the e-coli spinach crisis are just a few examples increasing concerns about employee, citizen, and customer safety.
- Employee screening - Since 9-11, employee screening and background checks have taken on new meaning.
- Employee negligence or abuse of data, including corporate, client, and employee information - The loss of laptops from government employees this year alone exceeds 1,100, containing enormous amounts of confidential data.
- Doing business abroad - The payment of bribes, or other fees, remains an issue long after the passage of the Foreign Corrupt Practices Act. Continued diligence is essential.

What are some of the most important things for security executives to know about ethics?

The scandals of the past few years have created a profound loss of trust. Investors, employees, and customers have felt betrayed by the culture of greed that has emerged. To address these issues, we have seen a wave of new laws and regulations.

Compliance with laws and regulations is an essential element of doing business. Mere compliance, however, may not be sufficient. Compliance is about acquiescing to authority. Ethics, ultimately, is about choice. We express our choices through our actions, as well as our in-actions. That is to say, it's not just what we do that matters; it's also what we don't do that counts. Because when we see something that's wrong, and don't do something, we have "chosen" not to do it.

Further, compliance programs risk becoming a "check-the-box" approach, which minimizes the process. In order to effectively establish the appropriate standards for conducting business, organizations must focus on embedding a system of values among their employees. In fact, as of November 1, 2004, the law now requires that, in addition to compliance, organizations must have ethics standards and a corporate culture that embraces them.

With increasing laws and regulations, organizations must promote self-regulation. Clearly, in the absence of self-regulation, there can be only one other alternative-more regulation. Ultimately, organizations must fortify their culture on a foundation of values and ethics. In the end, history shows that culture trumps compliance.

What are the most valuable tools and approaches for considering ethical issues?

First, while it may seem like an oversimplification, when making important decisions, we need to ask ourselves, "how will this decision look if it appears in The New York Times?" Second, every organization is required to have a Code of Conduct. Security professionals should consult it when facing difficult decisions. It is a resource. Third, most codes provide information regarding a confidential Helpline. Don't be afraid to use it. It's there for a reason.

Learn more: Business Management Skills for Security Executives
Columns and interviews with Wharton/ASIS program professors are regular features on SecurityInfoWatch.com. The Wharton/ASIS educational program is designed to superbly stimulate security improvement through educational reform by promoting better business comprehension and decision making by security executives. If you are interested in this program, please call 800-255-3932, ext. 4401, or send an email to execed@wharton.upenn.edu.